OSDev.org

The Place to Start for Operating System Developers
All times are UTC - 6 hours




 Post subject: Wanted to look at IDT and other structs in memory
Posted: Tue Jul 24, 2018 12:03 pm
Wanted to do this in Linux since it is open source; however, I had failed to find it and I am attributing that to this feature: ASLR.
https://en.wikipedia.org/wiki/Address_s ... tion#Linux

It appears Linux has implemented it after the 2.6.x kernel, so if I want to play purely for an educational purpose, perhaps I can grab the pre-2.6 kernel and try it?

_________________
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophe later. #devilisinthedetails


 Post subject: Re: Wanted to look at IDT and other structs in memory
Posted: Wed Jul 25, 2018 3:42 am
Hi,

ggodw000 wrote:
Wanted to do this in Linux since it is open source; however, I had failed to find it and I am attributing that to this feature: ASLR.
https://en.wikipedia.org/wiki/Address_s ... tion#Linux


For slightly older CPUs, you should be able to use the "SIDT" or "SGDT" instructions in user-space (they are not privileged instructions) to determine where the IDT and GDT are (with or without ASLR the CPU must know the right addresses).

Recently (maybe only a few years ago) Intel added a feature they call "User-Mode Instruction Prevention" which is just a flag in CR4 that can be used to disallow the execution of various instructions (SIDT, SGDT, ..) in user-space. In this case you just need a slightly older CPU that doesn't support it or a slightly older kernel that doesn't support it.

ggodw000 wrote:
It appears Linux has implemented it after the 2.6.x kernel, so if I want to play purely for an educational purpose, perhaps I can grab the pre-2.6 kernel and try it?


For emulators (e.g. Qemu) there's a monitor you can use to inspect the IDT and GDT, without caring which kernel it is, without caring if the kernel uses ASLR or not, and without caring if "User-Mode Instruction Prevention" is supported and used.


Cheers,

Brendan

_________________
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.
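
The user-space SIDT/SGDT approach described in the reply above, as an added example that is not part of the original thread: it decodes the 10-byte value those instructions store in 64-bit mode and reports whether the CPU advertises UMIP. It assumes x86-64 with GCC or Clang; the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__)
#include <cpuid.h>
#endif

/* What SIDT/SGDT store in 64-bit mode: 2-byte limit, then 8-byte linear base. */
struct dtr { uint16_t limit; uint64_t base; };

/* Decode the little-endian image byte by byte (no host-endianness assumption). */
struct dtr decode_dtr(const uint8_t raw[10]) {
    struct dtr d = { (uint16_t)(raw[0] | raw[1] << 8), 0 };
    for (int i = 7; i >= 0; i--)
        d.base = d.base << 8 | raw[2 + i];
    return d;
}

/* The limit is the offset of the last valid byte, so the size is limit + 1. */
unsigned dtr_entries(struct dtr d, unsigned entry_size) {
    return ((unsigned)d.limit + 1) / entry_size;
}

/* Constructed sample (not from a real machine): 256 gates of 16 bytes each. */
static const uint8_t SAMPLE_IDTR[10] = {0xFF, 0x0F, 0, 0, 0, 0, 0, 0xFE, 0xFF, 0xFF};

static void show(const char *name, struct dtr d, unsigned entry_size) {
    printf("%s base=0x%016llx limit=0x%04x (%u slots of %u bytes)\n", name,
           (unsigned long long)d.base, (unsigned)d.limit, dtr_entries(d, entry_size), entry_size);
}

int main(void) {
    show("sample IDT", decode_dtr(SAMPLE_IDTR), 16);
#if defined(__x86_64__)
    unsigned a, b, c = 0, d;
    /* CPUID leaf 7, subleaf 0, ECX bit 2 reports UMIP support. */
    int umip = __get_cpuid_count(7, 0, &a, &b, &c, &d) && (c >> 2 & 1);
    printf("CPU advertises UMIP: %s\n", umip ? "yes" : "no");
    /* If the kernel has set CR4.UMIP, these either fault or are handled by
       the kernel, so the output need not be the real table location. */
    struct { uint8_t b[10]; } idt, gdt;
    __asm__ volatile("sidt %0" : "=m"(idt));
    __asm__ volatile("sgdt %0" : "=m"(gdt));
    show("IDT", decode_dtr(idt.b), 16);
    show("GDT", decode_dtr(gdt.b), 8);
#else
    puts("SIDT/SGDT are x86 instructions; build on x86-64 to query the CPU.");
#endif
    return 0;
}
```

A fault on the SIDT line, on a CPU that reports UMIP, means the kernel has enabled the protection for user space.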


 Post subject: Re: Wanted to look at IDT and other structs in memory
Posted: Thu Sep 13, 2018 5:05 am
"SIDT" or "SGDT" lauren findley https://athletesphysiques.com/lauren-findley/ you should be able to "SIDT" or "SGDT" if it is a little older

